• ### Announcements

• #### IE 11 copy/paste problem

It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
Followers 0

# MS Office XP Standard Installer

## 5 posts in this topic

So I contracted the recent res://isuk.dll?9878 virus and have been browsing these forums looking for a solution and trying everything I come upon (I now have Adaware, ZoneAlarm, XoftSpy, CWSShredder, SpyBot S&D, Spy Sweeper, Hijack This, Trojan Hunter and now Avast... all tried... in various ways, and failed... )

I fear I have something even worse than the usual CWS res://jerk.dll bug because everytime I open a program or a new piece of mail or a new window, Microsoft Office XP Standard Installer pops up and tries to install god knows what, fails, and then asks me for the proper disc.

I saw this mentioned in the long thread trying to address CWS but have since not seen anything else dealing with it. I think this is the sign of a different strain, or I just have something else working against me.

I also had/have the Home Search Bastard (followed regedit way of removing it and havent checked to see if its back yet)...

So, I was wondering if anyone has gotten the MS Office Pop up thing and if so, have you gotten rid of it and how?

I'm not sure it will help with the MS Office Installer, but you all seem to be into the HJT logs, so I'll go ahead and post mine... who knows what it will show... I've been slowly suffocating the browser hijacking bug for the past couple days through numerous assaults... I still get popups, but it no longer changes my homepage...

Logfile of HijackThis v1.97.7

Scan saved at 11:56:45 PM, on 6/25/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\CTsvcCDA.exe

C:\WINDOWS\System32\inetsrv\inetinfo.exe

c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe

C:\WINDOWS\System32\MsPMSPSv.exe

c:\PROGRA~1\mcafee.com\vso\mcshield.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\WINDOWS\System32\DSentry.exe

C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe

C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE

C:\WINDOWS\System32\CTHELPER.EXE

C:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe

C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe

c:\progra~1\mcafee.com\vso\mcvsescn.exe

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\Program Files\Messenger\msmsgs.exe

c:\progra~1\mcafee.com\vso\mcvsftsn.exe

C:\WINDOWS\System32\msiexec.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Documents and Settings\God\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com

O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll

O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe

O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe

O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE

O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL

O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe

O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"

O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"

O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN

O4 - HKLM\..\Run: [netwa.exe] C:\WINDOWS\system32\netwa.exe

O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 3.9\THGuard.exe"

O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl

O4 - Global Startup: Exif Launcher.lnk = ?

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: AIM (HKLM)

O9 - Extra button: Real.com (HKLM)

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Messenger (HKLM)

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200305...meInstaller.exe

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsc...76/mcinsctl.cab

O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcgdmg...,16/mcgdmgr.cab

if you've gotten this far, I would just like to say thank you to the webmaster and pros who donate their time to keep this thing running... I would have had to rebuild long ago if not for this resource... although, it looks as though I may have to anyway...

PS - I got the bug while surfing cuz McAfee auto-updated and then turned itself off waiting for me to reboot... you believe that? Screwed cuz my anti-virus took a coffee break...

##### Share on other sites

I had the same kind of hijack. Luckily PGP Phantom was able to help me out though. He took me through the steps to get this thing off of my computer. I am still getting the MS installer. He recommended to put the office disk in, since thats what the dialog box asks for. I don't have the disk with me right now so if you try it and it works let me know.

##### Share on other sites

I am having the same exact problem and because of this I signed up to these boards. It seems like a great place to get help.

Thanks for the time and effort.

DP

##### Share on other sites

I allowed the MS Office XP thing to run its course and Im currently not getting it as a pop up anymore... I have not yet rebooted, however, and am certain I am still infected (Trojan hunter keeps finding "possible" trojans and spysweeper find the same registry values over and over from CWS)

back to the battle...